Application powering https://mentoring.mozilla.com
Dustin J. Mitchell 345a8bd2a6 ARCHIVED 2021-04-29 13:30:04 +00:00
.github Create codeql-analysis.yml 2021-03-04 19:25:44 -05:00
frontend Update dependency webpack to v5.36.1 2021-04-28 22:47:30 +00:00
mentoring Merge pull request #111 from djmitche/revert-callback-url 2021-03-26 17:24:27 -04:00
static/images add the mentor-ship 2020-10-16 18:29:15 +00:00
.dockerignore Build a docker image for deployment. 2021-02-16 09:46:59 -05:00
.gitignore add some project-maintenance files, including LICENSE 2021-01-15 19:13:15 -05:00
.taskcluster.yml Use pip-tools to keep a requirements.txt up to date, with hashes 2021-02-18 10:19:58 -05:00
CODE_OF_CONDUCT.md add some project-maintenance files, including LICENSE 2021-01-15 19:13:15 -05:00
CONTRIBUTING.md Only use the DB admin page during development 2021-03-12 14:52:01 +00:00
Dockerfile Consolidate location of env vars for prod 2021-02-19 12:10:38 -05:00
LICENSE add some project-maintenance files, including LICENSE 2021-01-15 19:13:15 -05:00
Mentorship_Diecut.pdf Add original artwork 2020-10-19 15:10:38 -04:00
README.md ARCHIVED 2021-04-29 13:30:04 +00:00
manage.py switch to using django-configurations 2021-01-22 09:56:55 -05:00
pipupdate.sh Use pip-tools to keep a requirements.txt up to date, with hashes 2021-02-18 10:19:58 -05:00
renovate.json enable automerge 2021-03-01 17:03:16 +00:00
requirements.in pipupdate (and fix lint from github merge) 2021-03-19 13:38:01 +00:00
requirements.txt pip update 2021-03-26 15:32:52 +00:00
run-prod.sh Consolidate location of env vars for prod 2021-02-19 12:10:38 -05:00
setup.cfg add pycodestyle checks 2021-01-22 09:56:55 -05:00

README.md

ARCHIVED: this project is archived, pending renewal of the Mozilla Mentoring Program.

mentoring

This is the app behind the Mozilla Mentoring Program

Structure

Contributing

See CONTRIBUTING.md for information on how to develop and contribute to this app.

Running In Production

Docker Image

This repository contains a Dockerfile which will generate a Docker image that can run this service. The details of the frontend are completely handled within the Docker image, so only the Django application needs to be considered. Commands given to the docker image are passed to manage.py, so for example docker run <image> migrate will run the Django DB migrations.

Configuration

Like any 12-factor app, the docker image takes its configuration as environment variables.

Database

This application requires a backend database. In development, it automatically uses a SQLite database, and in production it expects a Postgres database. Pass a URL for that database, of the form postgres://USER:PASSWORD@HOST:PORT/NAME, in environment variable DATABASE_URL.

Secrets

The following environment variables should be set to suitably random strings used to protect data via one-way hashes:

  • DJANGO_PAIR_ID_HASH_SECRET
  • DJANGO_SECRET_KEY

Allowed Hosts

Set DJANGO_ALLOWED_HOSTS to the hostname on which this application will be served.

Authentication

In production, this app uses Mozilla's SSO for authentication. It requires an Auth0 client be created, with

  • Algorithm RS256
  • Redirect URI of https://<hostname>/oidc/callback/ (note the trailing /)
  • At least the Mozilla AD connection enabled ("Allowing Mozilla LDAP with MFA")

Set DJANGO_OIDC_RP_CLIENT_ID and DJANGO_OIDC_RP_CLIENT_SECRET using the resulting credentials.

The UI automatically redirects to the sign-in URL. There is no way to interact with the UI without first signing in. Signing in creates a Django user and remaining authentication is performed using a Django session.

Members of People API groups listed in DJANGO_STAFF_GROUPS (comma-separated) have "staff" access to the app. This grants access to the REST API (/api) for pairing and other committee activities. This should be set to a group containing the Mentoring committee members, e.g., mozilliansorg_mentoring-committee.

The DJANGO_ADMIN_GROUPS setting controls admin access, which includes staff permissions as well as access to the Django administration panel (/admin/). This should be given to the subset of the committee that might need to make ad-hoc modifications to the database, and be capable of doing so safely.

Those who are not staff or admins have access only to the enrollment form.
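
A preflight check for the variables described in this Configuration section, as an added example that is not part of the project's code. The 32-character minimum, the wildcard rejection, and the reading of DJANGO_ALLOWED_HOSTS as a single hostname are assumptions made here; check_env and redirect_uri are hypothetical names.

```python
# Added example: preflight check for the environment variables this README names.
# MIN_SECRET_LEN and the wildcard rule are assumptions, not project policy.
from urllib.parse import urlsplit

MIN_SECRET_LEN = 32  # assumed floor for a "suitably random" string
SECRETS = ("DJANGO_PAIR_ID_HASH_SECRET", "DJANGO_SECRET_KEY")
OIDC = ("DJANGO_OIDC_RP_CLIENT_ID", "DJANGO_OIDC_RP_CLIENT_SECRET")


def check_env(env):
    """Return a list of problems found in a mapping of environment variables."""
    problems = []
    # DATABASE_URL must have the form postgres://USER:PASSWORD@HOST:PORT/NAME
    db = urlsplit(env.get("DATABASE_URL", ""))
    if db.scheme != "postgres":
        problems.append("DATABASE_URL: not a postgres:// URL")
    elif not (db.username and db.password and db.hostname and db.path.strip("/")):
        problems.append("DATABASE_URL: missing user, password, host or name")
    # Secrets: present, long enough, and not one value reused for both purposes
    values = [env.get(name, "") for name in SECRETS]
    for name, value in zip(SECRETS, values):
        if len(value) < MIN_SECRET_LEN:
            problems.append(f"{name}: shorter than {MIN_SECRET_LEN} characters")
    if values[0] and values[0] == values[1]:
        problems.append("secrets: the same value is used for both variables")
    # Allowed hosts: a concrete hostname, never empty or a wildcard
    host = env.get("DJANGO_ALLOWED_HOSTS", "").strip()
    if not host or "*" in host:
        problems.append("DJANGO_ALLOWED_HOSTS: must name the serving hostname")
    # Auth0 client credentials must both be present
    for name in OIDC:
        if not env.get(name):
            problems.append(f"{name}: not set")
    # Staff groups are comma-separated; a blank entry usually means a typo
    if any(not g.strip() for g in env.get("DJANGO_STAFF_GROUPS", "").split(",")):
        problems.append("DJANGO_STAFF_GROUPS: empty or blank group entry")
    return problems


def redirect_uri(env):
    """Redirect URI to register with Auth0, including the trailing slash."""
    return f"https://{env['DJANGO_ALLOWED_HOSTS'].strip()}/oidc/callback/"


if __name__ == "__main__":
    import os
    raise SystemExit("\n".join(check_env(os.environ)) or 0)
```

Run it with the same environment the container will receive; a non-empty result means the service would start with a missing or weak setting.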

Deploy to Production

Deploying to production can be done by creating a new "Release" in GitHub from here and tagging it with a semversion tag, for example 0.1.2.

Behind the scenes, the new Release will trigger this GitHub CI job. The job builds and pushes a Docker container based on this Dockerfile into a private ECR repo. Running alongside this application, there's a service watching the ECR repository and deploying any new container tagged with a semversion.